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1. 



(Currently Amended) A method of administering a processor-based system, 



said method comprising th e st e ps of : 

implementin g, by an operating system, at least one compartment for containment of at 
least one process executable on said processor-based system , wherein said at least one 
compartment defines whether said at least one process contained therein is allowed access to 
particular system resources ; and 

providing, by said processor-based system, at least one operating system command- 
line utility executable to manipulate said at least one compartment. 

2. (Canceled) 

3. (Original) The method of claim 1 wherein said at least one process is labeled 
to identify the compartment in which it is contained. 

4. (Original) The method of claim 1 wherein said at least one command-line 
utility executable to manipulate said at least one compartment comprises at least one 
command-line utility executable to perform at least one type of compartment manipulation 
selected from the group consisting of: 

adding a new compartment, renaming an existing compartment, removing an existing 
compartment, resizing an existing compartment, adding a process to a compartment, and 
removing a process from a compartment. 

5. (Original) The method of claim 1 wherein said implementing step comprises: 
defining said at least one compartment in at least one configuration file. 

6. (Original) The method of claim 5 wherein said at least one command-line 
utility is executable to manipulate said at least one compartment without requiring a user to 
edit said at least one configuration file. 

7. (Original) The method of claim 1 wherein said implementing step comprises: 
providing at least one rule that defines containment of said at least one compartment 

in at least one configuration file. 
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8. (Original) The method of claim 7 further comprising the step of: 
providing at least one command-line utility executable to manipulate said at least one 

rule. 

9. (Original) The method of claim 8 wherein said at least one command-line 
utility executable to manipulate said at least one rule comprises at least one command-line 
utility executable to perform at least one type of rule manipulation selected from the group 
consisting of: 

adding a new rule for a particular compartment, removing an existing rule for a 
particular compartment, and listing all rules for a particular compartment. . 

10. (Previously Presented) A system comprising: 

an operating system implementing at least one compartment to which at least one 

process executable on said system can be associated; 

at least one configuration file defining said at least one compartment; and 

means for performing management of said at least one compartment without requiring 

that a user edit said at least one configuration file in which said at least one compartment is 

defined. 

1 1 . (Original) The system of claim 1 0 wherein said means for performing 
management of said at least one compartment further enables management actions initiated 
via said means for performing management to be performed dynamically, without requiring 
that the system be re-booted in order for said management actions to be effective within said 
system. 

12. (Original) The system of claim 10 wherein said performing management of 
said at least one compartment comprises manipulating said at least one compartment. 

13. (Original) The system of claim 12 wherein said manipulating said at least one 
compartment includes at least one type of manipulation selected from the group consisting of: 

adding a new compartment, renaming an existing compartment, and removing an 
existing compartment, resizing an existing compartment, adding a process to a compartment, 
and removing a process from a compartment. 
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14. (Original) The system of claim 12 wherein said means for performing 
management of said at least one compartment further enables manipulating of said at least 
one compartment to be performed dynamically, without requiring that the system be re- 
booted in order for compartment manipulation to be effective within said system. 

15. (Original) The system of claim 10 wherein said performing management of 
said at least one compartment comprises switching from a first compartment to a second 
compartment. 

16. (Original) The system of claim 10 further comprising: 

at least one configuration file including at least one rule defining containment of said 
at least one compartment. 

17. (Original) The system of claim 16 wherein said performing management of 
said at least one compartment comprises manipulating said at least one rule. 

18. (Original) The system of claim 17 wherein said manipulating said at least one 
rule comprises at least one type of manipulation selected from the group consisting of: 

adding a new rule for a particular compartment, removing an existing rule for a 
particular compartment, and listing all rules for a particular compartment. 

1 9. (Original) The system of claim 1 0 wherein said means for performing 
management comprises at least one operating system command-line utility executable to 
manage said at least one compartment. 

20. (Currently Amended) A computer-readable medium including instructions 
executable by a processor, said computer-readable medium comprising: 

library of software functions for managing at least one compartment implemented by 
an operating system, wherein at least one process can b e is associated with said at least one 
compartment and said at least one compartment defines accessibility of resources for said at 
least one process associated therewith; and 

said library of software functions includes at least one command-line utility 
executable to manipulate said at least one compartment. 
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21 . (Original) The computer-readable medium of claim 20 wherein at least one 
command-line utility executable to manipulate said at least one compartment includes at least 
one type of manipulation selected from the group consisting of: 

adding a new compartment, renaming an existing compartment, and removing an 
existing compartment, resizing an existing compartment, adding a process to a compartment, 
and removing a process from a compartment. 

22. (Original) The computer-readable medium of claim 20 wherein at least one 
configuration file is implemented on a system to define said at least one compartment. 

23. (Original) The computer-readable medium of claim 22 wherein said at least 
one command-line utility is executable to manipulate said at least one compartment without 
requiring that a user edit said at least one configuration file. 

24. (Original) The computer-readable medium of claim 20 wherein at least one 
rule is implemented to define accessibility of resources allowed for said at least one 
compartment, and wherein said library of software functions further includes at least one 
command-line utility executable to manipulate said at least one rule. 

25. (Previously Presented) The method of claim 1 wherein said implementing at 
least one compartment comprises: 

utilizing a kernel for enforcing said at least one compartment. 

26. (New) A system comprising: 

an operating system implementing at least one compartment to which at least one 

process executable on said system can be associated; 

at least one configuration file defining said at least one compartment; and 
command-line utility executable for performing management of said at least one 

compartment without requiring that a user edit said at least one configuration file in which 

said at least one compartment is defined. 

27. (New) The system of claim 26 wherein said performing management of said at 
least one compartment comprises manipulating said at least one compartment. 
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28. (New) The system of claim 27 wherein said manipulating said at least one 
compartment includes at least one type of manipulation selected from the group consisting of: 

adding a new compartment, renaming an existing compartment, and removing an 
existing compartment, resizing an existing compartment, adding a process to a compartment, 
and removing a process from a compartment. 

* 29. (New) The system of claim 26 wherein said command-line utility enables 
manipulating of said at least one compartment to be performed dynamically, without 
requiring that the system be re-booted in order for compartment manipulation to be effective 
within said system. 
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